
Can the ACL for "dmz access to inside" slow performance?

Unanswered Question
Apr 15th, 2008

Guys,


If you see any problems with the ACL, I ask that you please let me know at once.

My users are reporting latency with the web server after I implemented this rule. Please advise. Thanks.


access-list 109 extended permit tcp host 172.16.8.22 host 192.168.54.235 eq 8009

access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.235 eq 8009

access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.198 eq domain

access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.196 eq domain


access-group 109 in interface DMZ


So, in what situations can ACLs cause slow access or performance?





access-class is used to define, generally by source-address, which remote systems are allowed to connect via telnet or ssh to your device.

access-group instead specifies an ACL for packets allowed to traverse an interface, regardless of whether or not they are destined to the router.


An ACL applied outbound (with access-group out) will filter only traffic that goes through the router but will not filter traffic that originates on the router.
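
As an added example (not part of the thread and not written by either poster): a small first-match evaluator for ACL 109 as posted in the question, showing which entry a flow from the DMZ host matches and which flows fall through to the implicit deny that ends every Cisco ACL. The parser handles only the `host A host B eq P` form used in that ACL, and the sample flows are constructed.

```python
import re
from collections import namedtuple

# ACL 109 exactly as posted in the question above.
ACL_109 = """\
access-list 109 extended permit tcp host 172.16.8.22 host 192.168.54.235 eq 8009
access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.235 eq 8009
access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.198 eq domain
access-list 109 extended permit udp host 172.16.8.22 host 192.168.54.196 eq domain
"""

# Port keywords used by this ACL (only what the ACL itself contains).
PORT_NAMES = {"domain": 53}

ACE_RE = re.compile(
    r"access-list (\S+) extended (permit|deny) (tcp|udp) "
    r"host (\S+) host (\S+) eq (\S+)$"
)

Ace = namedtuple("Ace", "line action proto src dst dport")

def parse_acl(text):
    """Parse 'host A host B eq P' entries; reject any other form loudly."""
    aces = []
    for n, raw in enumerate(filter(None, map(str.strip, text.splitlines())), 1):
        m = ACE_RE.match(raw)
        if not m:
            raise ValueError(f"unsupported ACE form: {raw!r}")
        _, action, proto, src, dst, port = m.groups()
        dport = PORT_NAMES[port] if port in PORT_NAMES else int(port)
        aces.append(Ace(n, action, proto, src, dst, dport))
    return aces

def evaluate(aces, proto, src, dst, dport):
    """First match wins; no match falls through to the implicit deny."""
    for ace in aces:
        if (ace.proto, ace.src, ace.dst, ace.dport) == (proto, src, dst, dport):
            return ace.action, ace.line
    return "deny", None  # implicit deny at the end of the ACL

if __name__ == "__main__":
    aces = parse_acl(ACL_109)
    # Constructed sample flows from the DMZ host (not taken from the thread).
    for flow in [("tcp", "172.16.8.22", "192.168.54.235", 8009),
                 ("udp", "172.16.8.22", "192.168.54.198", 53),
                 ("tcp", "172.16.8.22", "192.168.54.198", 53)]:
        print(flow, "->", evaluate(aces, *flow))
```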
